CVE-2021-38917

3 documents3 sources
Severity
9.1CRITICAL
EPSS
0.3%
top 48.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Powervm Hypervisor
Timeline
PublishedDec 10
Latest updateDec 11

Description

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

CVEListV5ibm/powervm_hypervisorFW860, FW940, FW950+2
NVDibm/powervm_hypervisorfw860, fw940, fw950+2

🔴Vulnerability Details

2
GHSA
GHSA-jrj8-w63v-jf8f: IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system m2021-12-11
CVEList
CVE-2021-38917: IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system m2021-12-10
CVE-2021-38917 (CRITICAL CVSS 9.1) | IBM PowerVM Hypervisor FW860 | cvebase.io